Looking for a job? Do not fall for a new LinkedIn scam!

Job seekers should beware of a new LinkedIn scam[1] designed by cyber criminals. This time, scammers combine several fraudulent techniques to convince people who seek for employment to upload their CVs to phishing websites. The scammers have organized a massive spam campaign[2] to transmit deceptive emails to computer users – the email message reports about “job openings for active LinkedIn users,” and claims that a particular company is looking for “employees from your region.” The auto-generated scam message says that the unnamed company is “interested in your qualifications” and asks to upload the CV to their recruitment database along with a cover letter.

The entire message looks quite convincing, and it has a LinkedIn logo on it; however, some signs clearly show the message is fake and doesn’t come from LinkedIn. The first and most visible sign showing that you should not trust this message is that the sender’s name is written incorrectly. It is pretty obvious that a legitimate company like LinkedIn wouldn’t send out a bunch of messages with an incorrectly written company’s name; obviously, scammers do. Instead of using “LinkedIn” name, it uses “linkedin.” The second mistake is that the design of the message isn’t the original one that LinkedIn actually uses. If you ever received a message from the business and employment-oriented social networking service, you should have noticed that it usually comes in a white theme with a blue top-banner, and the list of suggested connections or job picks. The third suspicious detail is that the sender’s email doesn’t look legitimate at all[3]. The legitimate website sends all of the newsletters and notifications from an email that ends with @linkedin.com; however, scammers use info@serv1.cyber-net.bid email account to send out spam messages. Finally, the false message doesn’t have original LinkedIn’s footer, which is used in all of the legitimate emails.

Clicking on the deceptive button takes the victim to a phishing website (linkedinjobs(.)jimdo(.)com) that asks to upload a CV and select a country where the victim lives in. You should stop right there and not upload your CV to that website, otherwise, you will just send a pile of valuable information to cybercriminals[4]. You would be surprised how useful that data can be[5]. It can be used for various purposes – sold on the deep web forums or directly to companies that do a promotional cold calling. If the information reaches bad people, you might start receiving numerous calls from scammers and become a victim of a vishing attack. If you suspect that you received a phishing email message, please report it and definitely do not click on any links inserted in the letter. Also, stay away from files attached to the message, because they might contain malicious codes!